## Summary Fix high severity security issue in `src/modules/h350/h350_exp_fn.c`.
## Vulnerability | Field | Value | |-------|-------| | **ID** | V-004 | | **Severity** | HIGH | | **Scanner** | multi_agent_ai | | **Rule** | `V-004` | | **File** | `src/modules/h350/h350_exp_fn.c:38` | **Description**: The H350 module constructs LDAP filters using SIP URI values via string formatting with the H350_SIPURI_LOOKUP_LDAP_FILTER macro. While the variable name 'sip_uri_escaped' suggests some escaping is applied, the escaping mechanism may not cover all LDAP special characters per RFC 4515 (*, (, ), \, NUL), potentially allowing LDAP injection through crafted SIP headers. ## Changes - `src/modules/ldap/ldap_escape.c` - `src/modules/h350/h350_exp_fn.c` ## Verification - [x] Build passes - [x] Scanner re-scan confirms fix - [x] LLM code review passed --- *Automated security fix by [OrbisAI Security](https://orbisappsec.com)* You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/4750 -- Commit Summary -- * fix: V-004 security vulnerability -- File Changes -- M src/modules/h350/h350_exp_fn.c (4) M src/modules/ldap/ldap_escape.c (5) -- Patch Links -- https://github.com/kamailio/kamailio/pull/4750.patch https://github.com/kamailio/kamailio/pull/4750.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/4750 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/[email protected]>
_______________________________________________ Kamailio - Development Mailing List -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
